	Trying to reduced the runtime of travis
Often in the past travis was hitting a limit (50min?). This is an attempt to make reasonable cuts to the unit tests: - For STARTTLS some checks with OpenSSL are skipped - For JSON and HTML outputs --ids-friendly was added, assuming we don't change the output of ticketbleed, CCSI, HeartBleed and ROBOT any more. - There's also no point in running those checks against badssl - for the diff check we switch to 'or diag' to display a difference
		| @@ -17,7 +17,7 @@ use Data::Dumper; | |||||||
|  |  | ||||||
| my $tests = 0; | my $tests = 0; | ||||||
| my $prg="./testssl.sh"; | my $prg="./testssl.sh"; | ||||||
| my $check2run_smtp="--protocols --standard --fs --server-preference --headers --vulnerable --each-cipher -q --ip=one --color 0"; | my $check2run_smtp="--protocols --standard --fs --server-preference --headers --vulnerable -q --ip=one --color 0"; | ||||||
| my $check2run="-q --ip=one --color 0"; | my $check2run="-q --ip=one --color 0"; | ||||||
| my $uri=""; | my $uri=""; | ||||||
| my $socket_out=""; | my $socket_out=""; | ||||||
| @@ -60,12 +60,14 @@ $socket_out = `./testssl.sh $check2run -t pop3 $uri 2>&1`; | |||||||
| unlike($socket_out, qr/$socket_regex_bl/, ""); | unlike($socket_out, qr/$socket_regex_bl/, ""); | ||||||
| $tests++; | $tests++; | ||||||
|  |  | ||||||
|  | # commented out, bc of travis' limits | ||||||
|  | # | ||||||
|  | #printf "\n%s\n", "STARTTLS POP3 unit tests via OpenSSL --> $uri ..."; | ||||||
| # unlink "tmp.json"; | # unlink "tmp.json"; | ||||||
| printf "\n%s\n", "STARTTLS POP3 unit tests via OpenSSL --> $uri ..."; | #$openssl_out = `./testssl.sh --ssl-native $check2run -t pop3 $uri 2>&1`; | ||||||
| $openssl_out = `./testssl.sh --ssl-native $check2run -t pop3 $uri 2>&1`; |  | ||||||
| # $openssl_json = json('tmp.json'); | # $openssl_json = json('tmp.json'); | ||||||
| unlike($openssl_out, qr/$openssl_regex_bl/, ""); | #unlike($openssl_out, qr/$openssl_regex_bl/, ""); | ||||||
| $tests++; | #$tests++; | ||||||
|  |  | ||||||
|  |  | ||||||
| $uri="imap.gmx.net:143"; | $uri="imap.gmx.net:143"; | ||||||
| @@ -93,11 +95,13 @@ $socket_out = `./testssl.sh $check2run -t xmpp $uri 2>&1`; | |||||||
| unlike($openssl_out, qr/$openssl_regex_bl/, ""); | unlike($openssl_out, qr/$openssl_regex_bl/, ""); | ||||||
| $tests++; | $tests++; | ||||||
|  |  | ||||||
| printf "\n%s\n", "STARTTLS XMPP unit tests via OpenSSL --> $uri ..."; | # commented out, bc of travis' limits | ||||||
| $openssl_out = `./testssl.sh --ssl-native $check2run -t xmpp $uri 2>&1`; | # | ||||||
|  | #printf "\n%s\n", "STARTTLS XMPP unit tests via OpenSSL --> $uri ..."; | ||||||
|  | #$openssl_out = `./testssl.sh --ssl-native $check2run -t xmpp $uri 2>&1`; | ||||||
| # $openssl_json = json('tmp.json'); | # $openssl_json = json('tmp.json'); | ||||||
| unlike($openssl_out, qr/$openssl_regex_bl/, ""); | #unlike($openssl_out, qr/$openssl_regex_bl/, ""); | ||||||
| $tests++; | #$tests++; | ||||||
|  |  | ||||||
| # $uri="jabber.ccc.de:5269"; | # $uri="jabber.ccc.de:5269"; | ||||||
| # printf "\n%s\n", "Quick STARTTLS XMPP S2S unit tests via sockets --> $uri ..."; | # printf "\n%s\n", "Quick STARTTLS XMPP S2S unit tests via sockets --> $uri ..."; | ||||||
| @@ -118,13 +122,15 @@ $socket_out =~ s/ error querying OCSP responder .*\n//g; | |||||||
| unlike($socket_out, qr/$socket_regex_bl/, ""); | unlike($socket_out, qr/$socket_regex_bl/, ""); | ||||||
| $tests++; | $tests++; | ||||||
|  |  | ||||||
| printf "\n%s\n", "STARTTLS FTP unit tests via OpenSSL --> $uri ..."; | # commented out, bc of travis' limits | ||||||
| $openssl_out = `./testssl.sh --ssl-native $check2run -t ftp $uri 2>&1`; | # | ||||||
|  | # printf "\n%s\n", "STARTTLS FTP unit tests via OpenSSL --> $uri ..."; | ||||||
|  | # $openssl_out = `./testssl.sh --ssl-native $check2run -t ftp $uri 2>&1`; | ||||||
| # $openssl_json = json('tmp.json'); | # $openssl_json = json('tmp.json'); | ||||||
| # OCSP stapling fails sometimes with: 'offered, error querying OCSP responder (ERROR: No Status found)' | # OCSP stapling fails sometimes with: 'offered, error querying OCSP responder (ERROR: No Status found)' | ||||||
| $openssl_out =~ s/ error querying OCSP responder .*\n//g; | # $openssl_out =~ s/ error querying OCSP responder .*\n//g; | ||||||
| unlike($openssl_out, qr/$openssl_regex_bl/, ""); | # unlike($openssl_out, qr/$openssl_regex_bl/, ""); | ||||||
| $tests++; | # $tests++; | ||||||
|  |  | ||||||
|  |  | ||||||
| # https://ldapwiki.com/wiki/Public%20LDAP%20Servers | # https://ldapwiki.com/wiki/Public%20LDAP%20Servers | ||||||
| @@ -146,11 +152,13 @@ $socket_out = `./testssl.sh $check2run -t nntp $uri 2>&1`; | |||||||
| unlike($socket_out, qr/$socket_regex_bl/, ""); | unlike($socket_out, qr/$socket_regex_bl/, ""); | ||||||
| $tests++; | $tests++; | ||||||
|  |  | ||||||
| printf "\n%s\n", "STARTTLS NNTP unit tests via OpenSSL --> $uri ..."; | # commented out, bc of travis' limits | ||||||
| $openssl_out = `./testssl.sh --ssl-native $check2run -t nntp $uri 2>&1`; | # | ||||||
|  | #printf "\n%s\n", "STARTTLS NNTP unit tests via OpenSSL --> $uri ..."; | ||||||
|  | #$openssl_out = `./testssl.sh --ssl-native $check2run -t nntp $uri 2>&1`; | ||||||
| # $openssl_json = json('tmp.json'); | # $openssl_json = json('tmp.json'); | ||||||
| unlike($openssl_out, qr/$openssl_regex_bl/, ""); | #unlike($openssl_out, qr/$openssl_regex_bl/, ""); | ||||||
| $tests++; | #$tests++; | ||||||
|  |  | ||||||
|  |  | ||||||
| # IRC: missing | # IRC: missing | ||||||
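Review bot: The `--ssl-native` STARTTLS checks for POP3, XMPP, FTP and NNTP are disabled by commenting them out, so the OpenSSL code path for these protocols is no longer regression-tested anywhere, including local runs that have no time limit. A `SKIP:` block keyed on the CI environment would keep that coverage outside Travis, e.g. `SKIP: { skip "travis time limit", 1 if $ENV{TRAVIS}; ... }` around each OpenSSL run, with `$tests++` kept after the block because a skipped test still counts toward `done_testing($tests)`. The same applies to the commented-out SMTP `--ssl-native` run in the next file section. Separately, the first hunk drops `--each-cipher` from `$check2run_smtp` without the commit description mentioning it; a short comment beside the variable, such as `# --each-cipher removed to stay within the CI time limit`, would record why.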
|   | |||||||
| @@ -53,12 +53,14 @@ $socket_out = `./testssl.sh $check2run -t smtp $uri 2>&1`; | |||||||
| unlike($socket_out, qr/$socket_regex_bl/, ""); | unlike($socket_out, qr/$socket_regex_bl/, ""); | ||||||
| $tests++; | $tests++; | ||||||
|  |  | ||||||
|  | # commented out, bc of travis' limits | ||||||
|  | # | ||||||
| # unlink "tmp.json"; | # unlink "tmp.json"; | ||||||
| printf "\n%s\n", "STARTTLS: Client simulations unit test via OpenSSL --> $uri ..."; | #printf "\n%s\n", "STARTTLS: Client simulations unit test via OpenSSL --> $uri ..."; | ||||||
| $openssl_out = `./testssl.sh --ssl-native $check2run -t smtp $uri 2>&1`; | #$openssl_out = `./testssl.sh --ssl-native $check2run -t smtp $uri 2>&1`; | ||||||
| # $openssl_json = json('tmp.json'); | ## $openssl_json = json('tmp.json'); | ||||||
| unlike($openssl_out, qr/$openssl_regex_bl/, ""); | #unlike($openssl_out, qr/$openssl_regex_bl/, ""); | ||||||
| $tests++; | #$tests++; | ||||||
|  |  | ||||||
| done_testing($tests); | done_testing($tests); | ||||||
| unlink "tmp.json"; | unlink "tmp.json"; | ||||||
|   | |||||||
| @@ -9,7 +9,7 @@ use JSON; | |||||||
|  |  | ||||||
| my $tests = 0; | my $tests = 0; | ||||||
| my $prg="./testssl.sh"; | my $prg="./testssl.sh"; | ||||||
| my $check2run ="--ip=one -q --color 0"; | my $check2run ="--ip=one --ids-friendly -q --color 0"; | ||||||
| my $uri=""; | my $uri=""; | ||||||
| my $json=""; | my $json=""; | ||||||
| my $out=""; | my $out=""; | ||||||
| @@ -44,7 +44,7 @@ $tests++; | |||||||
|  |  | ||||||
|  |  | ||||||
| #3 | #3 | ||||||
| # This testss.sh run deliberately does NOT work as travis-ci.org blocks port 25 egress. | # This testssl.sh run deliberately does NOT work as travis-ci.org blocks port 25 egress. | ||||||
| # but the output should be fine. The idea is to have a unit test for a failed connection. | # but the output should be fine. The idea is to have a unit test for a failed connection. | ||||||
| printf "%s\n", ".. plain JSON for a failed run: '--mx $uri' ..."; | printf "%s\n", ".. plain JSON for a failed run: '--mx $uri' ..."; | ||||||
| $out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`; | $out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`; | ||||||
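Review bot: Adding `--ids-friendly` to `$check2run` means the JSON tests in this file no longer exercise the output of the Heartbleed, CCS injection, Ticketbleed and ROBOT checks, and that assumption is recorded only in the commit message. A comment above the variable would keep it visible to whoever next changes those checks, e.g. `# --ids-friendly: skips Heartbleed/CCS/Ticketbleed/ROBOT to save CI time; their JSON output is not covered here`. The same comment fits the `$check2run` line in the HTML test and the two badssl.com `--severity LOW` runs in the following file sections, where `-U` presumably now yields fewer vulnerability findings for the severity filter to be checked against. The test code these variables feed continues outside the hunks.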
|   | |||||||
| @@ -15,7 +15,7 @@ my $out=""; | |||||||
| my $html=""; | my $html=""; | ||||||
| my $debughtml=""; | my $debughtml=""; | ||||||
| my $edited_html=""; | my $edited_html=""; | ||||||
| my $check2run="--ip=one --color 0 --htmlfile tmp.html"; | my $check2run="--ip=one --ids-friendly --color 0 --htmlfile tmp.html"; | ||||||
| my $diff=""; | my $diff=""; | ||||||
| die "Unable to open $prg" unless -f $prg; | die "Unable to open $prg" unless -f $prg; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -21,7 +21,7 @@ unlink 'tmp.json'; | |||||||
|  |  | ||||||
| #1 | #1 | ||||||
| pass(" .. running testssl.sh against badssl.com to create a JSON report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++; | pass(" .. running testssl.sh against badssl.com to create a JSON report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++; | ||||||
| $out = `./testssl.sh -S -e -U --jsonfile tmp.json --severity LOW --color 0 badssl.com`; | $out = `./testssl.sh -S -e -U --ids-friendly --jsonfile tmp.json --severity LOW --color 0 badssl.com`; | ||||||
| $json = json('tmp.json'); | $json = json('tmp.json'); | ||||||
| unlink 'tmp.json'; | unlink 'tmp.json'; | ||||||
| $found = 0; | $found = 0; | ||||||
| @@ -36,7 +36,7 @@ is($found,0,"We should not have any finding with INFO level"); $tests++; | |||||||
|  |  | ||||||
| #2 | #2 | ||||||
| pass(" .. running testssl.sh against badssl.com to create a JSON-PRETTY report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++; | pass(" .. running testssl.sh against badssl.com to create a JSON-PRETTY report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++; | ||||||
| $out = `./testssl.sh -S -e -U --jsonfile-pretty tmp.json --severity LOW --color 0 badssl.com`; | $out = `./testssl.sh -S -e -U --ids-friendly --jsonfile-pretty tmp.json --severity LOW --color 0 badssl.com`; | ||||||
| $json_pretty = json('tmp.json'); | $json_pretty = json('tmp.json'); | ||||||
| unlink 'tmp.json'; | unlink 'tmp.json'; | ||||||
| $found = 0; | $found = 0; | ||||||
|   | |||||||
| @@ -14,7 +14,7 @@ my ( | |||||||
| ); | ); | ||||||
| # OK | # OK | ||||||
| pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++; | pass("Running testssl.sh against badssl.com to create a baseline (may take 2~3 minutes)"); $tests++; | ||||||
| my $okout = `./testssl.sh -S -e --freak --logjam --drown --rc4 --sweet32 --breach --crime --jsonfile tmp.json --color 0 badssl.com`; | my $okout = `./testssl.sh -S -e --freak --logjam --drown --rc4 --sweet32 --breach --winshock --crime --jsonfile tmp.json --color 0 badssl.com`; | ||||||
| my $okjson = json('tmp.json'); | my $okjson = json('tmp.json'); | ||||||
| unlink 'tmp.json'; | unlink 'tmp.json'; | ||||||
| cmp_ok(@$okjson,'>',10,"We have more then 10 findings"); $tests++; | cmp_ok(@$okjson,'>',10,"We have more then 10 findings"); $tests++; | ||||||
|   | |||||||
| @@ -18,7 +18,7 @@ my $tests = 0; | |||||||
| my $prg="./testssl.sh"; | my $prg="./testssl.sh"; | ||||||
| my $master_socket_csv="./t/baseline_data/default_testssl.csvfile"; | my $master_socket_csv="./t/baseline_data/default_testssl.csvfile"; | ||||||
| my $socket_csv="tmp.csv"; | my $socket_csv="tmp.csv"; | ||||||
|  my $check2run="-p -s -P --fs -h -U -c -q --ip=one --color 0 --csvfile $socket_csv"; | my $check2run="-p -s -P --fs -h -U -c -q --ip=one --color 0 --csvfile $socket_csv"; | ||||||
| #my $check2run="-p --color 0 --csvfile $socket_csv"; | #my $check2run="-p --color 0 --csvfile $socket_csv"; | ||||||
| my $uri="testssl.sh"; | my $uri="testssl.sh"; | ||||||
| my $diff=""; | my $diff=""; | ||||||
| @@ -49,8 +49,8 @@ $master_socket_csv=~ s/HTTP_clock_skew.*\n//g; | |||||||
| # Compare the differences to the master file -- and print differences if there were detected. | # Compare the differences to the master file -- and print differences if there were detected. | ||||||
| # Filtering takes place later, so if there will be a difference detected it'll also show HTTP_clock_skew :-( | # Filtering takes place later, so if there will be a difference detected it'll also show HTTP_clock_skew :-( | ||||||
| # | # | ||||||
| cmp_ok($socket_csv, "eq", $master_socket_csv, "Check whether CSV output matches master file from $uri") and | cmp_ok($socket_csv, "eq", $master_socket_csv, "Check whether CSV output matches master file from $uri") or | ||||||
|      printf "\n%s\n", "$diff"; |      diag ("\n%s\n", "$diff"); | ||||||
|  |  | ||||||
| $tests++; | $tests++; | ||||||
|  |  | ||||||
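Review bot: `diag` does not take a format string, so `diag ("\n%s\n", "$diff");` prints the literal `%s` followed by the diff instead of formatting it; Test::More joins the arguments as they are. `diag("\n$diff\n");` gives the intended output when the CSV comparison fails. How `$diff` is filled lies outside the hunk, so it is worth confirming that it actually holds the difference at this point.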
|   | |||||||
	 Dirk Wetter
					Dirk Wetter